A type of internet risk is Corporate Account Takeover
Corporate Account Takeover is an ongoing electronic crime typically involving the exploitation of businesses. Businesses that are more at risk are those with limited to no computer safeguards and minimal or no disbursement controls for use with their bank's online business banking system. These businesses are vulnerable to theft when cyber thieves gain access to their computer system to take confidential banking information in order to impersonate the business and send unauthorized wire and ACH transactions to accounts controlled by the thieves. Any customers that perform electronic transfers are potential targets. These thefts have affected both large and small banks.
This type of cyber-crime is an advanced form of electronic theft. Malicious software, which is available over the Internet, automates many elements of the crime, including circumventing one-time passwords, authentication tokens, and other forms of multi-factor authentication. Customer awareness of online threats and education about common account takeover methods are helpful measures to protect against these threats. However, because banks depend on the sound computer and disbursement controls of their customers, there is no single measure to stop these thefts entirely. Multiple controls or a "layered security" approach is required.
Thus, with more services being offered online and more devices accessing these services, security risks are elevated. By following best practices for internet users, you can greatly reduce that risk. Planters First Bank takes great measures to protect and ensure security when it comes to our customers' financial data. These best practices are techniques that can strengthen your safety and security within the online banking environment. Talk to your financial institution about products that offer an extra layer of security, like callbacks, device authentication, multi-person approval processes, batch limits, and other tools that help protect you from unauthorized transactions.
How do I protect myself and my small business?
The best way to protect against corporate account takeover is a strong partnership with your financial institution. Work with your bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.
A shared responsibility between the bank and the business is the most effective way to prevent corporate account takeover. Consider these tips to ensure your business is well-prepared:
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services that offer callbacks, device authentication, multi-person approval processes, and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity, and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
Employee Education is Essential, but is Missing the Mark
You and your employees are the first line of defense against corporate account takeover. A strong security program, paired with employee education about the warning signs, safe practices, and responses to a suspected takeover, is essential to protecting your company and customers.
Although implementing security controls for banking and customer information is a good business practice, there may be state, federal, or industry regulations or guidelines requiring specific controls or procedures to be in place. Businesses should ensure they are complying with such requirements.
Here are additional resources to consider when developing an information security program:
- The Better Business Bureau’s website on Data Security Made Simpler
- U.S. Chamber of Commerce’s Internet Security Essentials for Business
- The Federal Trade Commission’s business guide for protecting data
- The Electronic Payments Association’s website has numerous articles regarding corporate account takeover (CATO) for both financial institutions and banking customers.